commit 374e4b87d43c81ca0c869445bd43454376cc6478
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Jul 09 10:21:34 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Wed Jul 17 15:59:39 2013 +0200
tree 78034a75831724f4b21c4b677344ca46cc8e2680
parent 0a64e8f1fd82bbd32647e2f5cb9ddd93408a4d4e

pk_set_type() cannot be used to reset key type

include/polarssl/pk.h

diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h
index 00f8cfc..707f138 100644
--- a/include/polarssl/pk.h
+++ b/include/polarssl/pk.h
@@ -28,6 +28,7 @@
 #define POLARSSL_PK_H
 
 #define POLARSSL_ERR_PK_MALLOC_FAILED       -0x2F80  /**< Memory alloation failed. */
+#define POLARSSL_ERR_PK_TYPE_MISMATCH       -0x2F00  /**< Type mismatch, eg attempt to use a RSA key as EC, or to modify key type */
 
 #ifdef __cplusplus
 extern "C" {
@@ -72,7 +73,12 @@
  * \param ctx       Context to initialize
  * \param type      Type of key
  *
- * \return          O on success, or POLARSSL_ERR_PK_MALLOC_FAILED
+ * \note            Once the type of a key has been set, it cannot be reset.
+ *                  If you want to do so, you need to use pk_free() first.
+ *
+ * \return          O on success,
+ *                  POLARSSL_ERR_PK_MALLOC_FAILED on memory allocation fail,
+ *                  POLARSSL_ERR_PK_TYPE_MISMATCH on attempts to reset type.
  */
 int pk_set_type( pk_context *ctx, pk_type_t type );
 

library/error.c

diff --git a/library/error.c b/library/error.c
index 0a739b5..560c54c 100644
--- a/library/error.c
+++ b/library/error.c
@@ -250,6 +250,8 @@
 #if defined(POLARSSL_PK_C)
         if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) )
             snprintf( buf, buflen, "PK - Memory alloation failed" );
+        if( use_ret == -(POLARSSL_ERR_PK_TYPE_MISMATCH) )
+            snprintf( buf, buflen, "PK - Type mismatch, eg attempt to use a RSA key as EC, or to modify key type" );
 #endif /* POLARSSL_PK_C */
 
 #if defined(POLARSSL_PKCS12_C)

library/pk.c

diff --git a/library/pk.c b/library/pk.c
index 71505ed..0591b3f 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -88,6 +88,12 @@
 {
     size_t size = 0;
 
+    if( ctx->type == type )
+        return( 0 );
+
+    if( ctx->type != POLARSSL_PK_NONE )
+        return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+
     switch( type )
     {
 #if defined(POLARSSL_RSA_C)
@@ -104,7 +110,7 @@
 #endif
 
         case POLARSSL_PK_NONE:
-            ; /* Should not happen */
+            ; /* Cannot happen, but the cmpiler doesn't know */
     }
 
     if( ( ctx->data = malloc( size ) ) == NULL )

library/x509parse.c

diff --git a/library/x509parse.c b/library/x509parse.c
index 12f06ca..c801967 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3120,6 +3120,8 @@
         return( 0 );
     }
 
+    pk_free( ctx );
+
     if ( ( ret = pk_set_type( ctx, POLARSSL_PK_ECKEY ) ) != 0 )
         return( ret );
 
@@ -3128,6 +3130,8 @@
         return( 0 );
     }
 
+    pk_free( ctx );
+
     return( POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT );
 }
 
@@ -3145,12 +3149,16 @@
     if( ( ret = x509parse_public_key_rsa( ctx->data, key, keylen ) ) == 0 )
         return( 0 );
 
+    pk_free( ctx );
+
     if ( ( ret = pk_set_type( ctx, POLARSSL_PK_ECKEY ) ) != 0 )
         return( ret );
 
     if( ( ret = x509parse_public_key_ec( ctx->data, key, keylen ) ) == 0 )
         return( 0 );
 
+    pk_free( ctx );
+
     return( POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT );
 }